Friday, March 25, 2016

1.5 million Verizon Wireless Enterprise customers info hacked and being sold on the web

The latest failure in cybersecurity lies at the feet of Verizon. And not just any old division of the telecommunications giant, but rather Verizon Enterprise, the unit responsible for helping some of the world’s biggest companies deal with data breaches. The ironic breach has left the information of some 1.5 million Verizon customers exposed, and this data is reportedly being offered for sale at $100,000 (or 100,000 records at a time for $10,000 each).

According to Krebs On Security, an affiliate of an underground cybercrime forum advertised the sale earlier this week and also included the option of purchasing “information about security vulnerabilities in Verizon’s Web site.” That said, Verizon notes that only contact information was stolen from Verizon Enterprise customers, and that no Customer Proprietary Network Information (CPNI) or other data was compromised. Further, the company says, no consumer customers were affected by the hack.

When Krebs contacted Verizon about the alarming offer, the New Jersey-based firm noted that it was aware of a security flaw, and was contacting impacted customers.

“Verizon recently discovered and remediated a security vulnerability on our enterprise client portal,” the company said in an emailed statement. “Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers.”

Perhaps not the most comforting of statements, but at the very least, Verizon was up to date on its issues.

Curiously enough, Verizon (and Verizon Enterprise in particular) is the vendor of choice for most Fortune 500 companies, especially because of its supposedly robust cybersecurity practices. Each year, Verizon releases a report on how best to avoid cyberthreats, though this year it may need to take its own advice a bit more seriously.

Such an attack just goes to show that when it comes to digital crime, no one truly safe.